CISA, NSA provide best practices for SBOM consumption under ‘Enduring Security Framework’ initiative

CISA and the National Security Agency have published a guide on best practices for Software Bill of Materials consumption, with support from collaborators under the “Enduring Security Framework.”

The report “aids software developers, suppliers, and customer stakeholders in ensuring the integrity and security of software via contractual agreements, software releases and updates, notifications, and mitigations of vulnerabilities,” according to a Thursday release from NSA.

ESF is a public-private, cross-sector working group led by NSA, CISA and the Office of...